Enforce Password Complexity Policy On CentOS 7/RHEL Derivatives

In this guide, we are going to learn how to enforce password complexity policy on CentOS 7/RHEL based derivatives. Our previous guide covered the enforcement of password complexity on Ubuntu 18.04. You can check the same by following the link below;

Enforce Password Complexity Policy On CentOS 7

Similar to our previous guide, we are going to use PAM pwquality modules to enforce password complexity policy on CentOS 7/RHEL based derivatives.

In Ubuntu or Debian based derivatives, we modified the, /etc/pam.d/common-password configuration file. For CentOS 7 or similar derivatives, the /etc/security/pwquality.conf or /etc/pam.d/system-auth configuration file is used.

As our normalcy, make a backup of the configuration file before making changes just in case things go south.






iCACLS.exe (2003 sp2, Vista+)

Change file and folder permissions – display or modify Access Control Lists (ACLs) for files and folders.
iCACLS resolves various issues that occur when using the older CACLS & XCACLS

   Add or remove permissions:
      ICACLS Name
         [/grant[:r] User:Permission[...]]
            [/deny User:Permission[...]]
               [/remove[:g|:d]] User[...]]
                  [/inheritance:e|d|r ]
                     [/setintegritylevel Level[...]]
                        [/T] [/C] [/L] [/Q]

   Store ACLs for one or more directories matching name into aclfile for later use with /restore:
      ICACLS name /save aclfile [/T] [/C] [/L] [/Q]
   Restore ACLs to all files in directory:
      ICACLS directory [/substitute SidOld SidNew [...]]
          /restore aclfile [/C] [/L] [/Q]

   Change Owner:
      ICACLS name /setowner user [/T] [/C] [/L] [/Q]

   Find items with an ACL that mentions a specific SID:
      ICACLS name /findsid Sid [/T] [/C] [/L] [/Q]

   Find files whose ACL is not in canonical form or with a length inconsistent with the ACE count:
      ICACLS name /verify [/T] [/C] [/L] [/Q]
   Replace ACL with default inherited acls for all matching files:
      ICACLS name /reset [/T] [/C] [/L] [/Q]
   This is equivalent to “Replace all child permission entries with inheritable permission from this object” in the GUI.

   name  The File(s) or folder(s) the permissions will apply to.

   /T  Traverse all subfolders to match files/directories. This will apply permission changes to
       all subfolders whether or not they are set to inherit permissions from the parent. On very large
       directory structures this may take some time as the command has to traverse the entire tree.
   /C  Continue on file errors (access denied) Error messages are still displayed.
   /L  Perform the operation on a symbolic link itself, not its target.

   /Q  Quiet - supress success messages.

   /grant :r user:permission
       Grant access rights, with :r, the permissions
       will replace any previouly granted explicit permissions (for the given user).
       Otherwise the permissions are added.

   /deny user:permission
       Explicitly deny the specified user access rights.
       This will also remove any explicit grant of the 
       same permissions to the same user.

   /remove[:[g|d]] User 
       Remove all occurrences of User from the acl. 
       :g remove all granted rights to that User/Sid.
       :d remove all denied rights to that User/Sid.

          e - Enable inheritance
          d - Disable inheritance and copy the ACEs 
          r - Remove all inherited ACEs

   /setintegritylevel [(CI)(OI)]Level 
       Add an integrity ACE to all matching files. 
       level is one of L,M,H (Low Medium or High)

             Mandatory Label\Low Mandatory Level    = Low.
             Mandatory Label\Medium Mandatory Level = Medium/Standard.
             Mandatory Label\High Mandatory Level   = Elevated.

             If No mandatory label is displayed in the output, it is Medium by default. 

       A Directory Inheritance option for the integrity ACE can precede the level
       and is applied only to directories:

   user   A user account, Group or a SID

   /restore  Apply the acls stored in ACLfile to the files in directory

   permission is a permission mask and can be specified in one of two forms:
        a sequence of simple rights:
                D - Delete access
                F - Full access (Edit_Permissions+Create+Delete+Read+Write)
                N - No access
                M - Modify access (Create+Delete+Read+Write)
                RX - Read and eXecute access
                R - Read-only access
                W - Write-only access
        a comma-separated list in parentheses of specific rights:
                DE - Delete
                RC - read control
                WDAC - write DAC
                WO - write owner
                S - synchronize
                AS - access system security
                MA - maximum allowed
                GR - generic read
                GW - generic write
                GE - generic execute
                GA - generic all
                RD - read data/list directory
                WD - write data/add file
                AD - append data/add subdirectory
                REA - read extended attributes
                WEA - write extended attributes
                X - execute/traverse
                DC - delete child
                RA - read attributes
                WA - write attributes
        inheritance rights can precede either form and are applied
        only to directories:
                (OI) - object inherit
                (CI) - container inherit
                (IO) - inherit only
                (NP) - don’t propagate inherit
                (I)  - Permission inherited from parent container

Linux下进程/程序网络带宽占用情况查看工具 — NetHogs





How to Install and Configure ‘Cache Only DNS Server’ with ‘Unbound’ in RHEL/CentOS 7

Version:1.0 StartHTML:000000222 EndHTML:000042418 StartFragment:000012983 EndFragment:000042312 StartSelection:000012983 EndSelection:000042308 SourceURL:https://www.tecmint.com/setup-dns-cache-server-in-centos-7/ How to Install and Configure ‘Cache Only DNS Server’ with ‘Unbound’ in RHEL/CentOS 7

Caching name servers using ‘Unbound‘ ( is a validating, recursive, and caching DNS server software ), back in RHEL/CentOS 6.x (where x is version number), we used bind software to configure DNS servers.

Here in this article, we are going to use ‘unbound‘ caching software to install and configure a DNS Server in RHEL/CentOS 7 systems.

Setup Cahing DNS Server in RHEL/CentOS 7

DNS cache servers are used to resolve any DNS query they receive. If the server caches the query and in future the same queries requested by any clients the request will be delivered from DNS ‘unbound‘ cache, this can be done in milliseconds than the first time it resolved.

Caching will only act as a agent to resolve the query of client from any one of the forwarders. Using caching server, will reduce the loading time of webpages by keeping the cache database in unbound server.

My Server and Client Setup

For demonstration purpose, I will be using two systems. The first system will act as a Master (Primary) DNS server and the second system will act as a local DNS client.

Master DNS Server
Operating System   :    CentOS Linux release 7.0.1406 (Core)
IP Address	   :
Host-name	   :	ns.tecmintlocal.com
Client Machine
Operating System   :	CentOS 6
IP Address	   :
Host-name	   :	client.tecmintlocal.com

Step 1: Check System Hostname and IP

1. Before setting up a caching DNS server, make sure that you’ve added correct hostname and configured correct static IP address for your system, if not set the system static IP address.

2. After, setting correct hostname and static IP address, you can verify them with the help of following commands.

# hostnamectl
# ip addr show | grep inet

Check IP Address

Step 2: Installing and Configuring Unbound

3. Before installing ‘Unbound’ package, we must update the our system to latest version, after that we can install the unbound package.

# yum update -y
# yum install unbound -y

4. After package has been installed, make a copy of the unbound configuration file before making any changes to original file.

# cp /etc/unbound/unbound.conf /etc/unbound/unbound.conf.original

5. Next, use any of your favorite text editor to open and edit ‘unbound.conf‘ configuration file.

# vim /etc/unbound/unbound.conf
Copy Unbound DNS Configuration

Once the file is opened for editing, make the following changes:


Search for Interface and enable the interface which we going to use or if our server have multiple interfaces we have to enable the interface

Here Our server IP was, So, i’am going to use unbound in this interface.

Enable IPv4 and Protocol Supports

Search for the following string and make it ‘Yes‘.

do-ip4: yes
do-udp: yes
do-tcp: yes
Enable the logging

To enable the log, add the variable as below, it will log every unbound activities.

logfile: /var/log/unbound
Hide Identity and Version

Enable following parameter to hide id.server and hostname.bind queries.

hide-identity: yes

Enable following parameter to hide version.server and version.bind queries.

hide-version: yes
Access Control

Then search for access-control to allow. This is to allow which clients are allowed to query this unbound server.

Here I have used, that means anyone send query to this server. If we need to refuse query for some range of network we can define which network need to be refuse from unbound queries.

access-control: allow

Note: Instead of allow, we can replace it with allow_snoop this will enable some additional parameters like dig and it support both recursive and non recursive.

Domain Insecure

Then search for domain-insecure. If our domain is works with DNS sec keys, we need to define our server available for domain-insecure. Here our domain will be treated as insecure.

domain-insecure: "tecmintlocal.com
Forward Zones

Then change the forwarders for our requested query not fulfilled by this server it will forward to root domain (. ) and resolve the query.

        name: "."

Finally, save and quit the configuration file using wq!.

6. After making the above configuration, now verify the unbound.conf file for any errors using the following command.

# unbound-checkconf /etc/unbound/unbound.conf

Check Unbound DNS Configuration

7. After file verification over without any errors, you can safely restart the ‘unbound’ service and enable it at system startup.

# systemctl start unbound.service
# sudo systemctl enable unbound.service

Start Unbound DNS Service

Step 3: Test DNS Cache Locally

8. Now it’s time to check our DNS cache, by doing a ‘drill’ (query) one ‘india.com‘ domain. At first the ‘drill‘ command results for ‘india.com‘ domain will take some milliseconds, and then do a second drill and have a note on Query time it takes for both drills.

drill india.com @

Check DNS Cache Locally

Did you see in the above output, the first query taken almost 262 msec to resolve and the second query takes 0 msec to resolve domain (india.com).

That means, the first query gets cached in our DNS Cache, so when we run ‘drill’ second time the query served from our local DNS cache, this way we can improve loading speed of websites.

Step 4: Flush Iptables and Add Firewalld Rules

9. We can’t use both iptables and firewalld at same time on same machine, if we do both will conflict with each other, thus removing ipables rules will be a good idea. To remove or flush the iptables, use the following command.

# iptables -F

10. After removing iptables rules permanently, now add the DNS service to firewalld list permanently.

# firewall-cmd --add-service=dns
# firewall-cmd --add-service=dns --permanent

11. After adding DNS service rules, list the rules and confirm.

# firewall-cmd --list-all

Add DNS to Firewalld

Step 5: Managing and Troubleshooting Unbound

12. To get the current server status, use the following command.

# unbound-control status

Check Unbound DNS Status

Dumping DNS Cache

13. If in-case you would like to have a dump of a DNS cache information in a text file, you can redirect it to some file using below command for future use.

 # unbound-control dump_cache > /tmp/DNS_cache.txt

Backup DNS Cache

14. To restore or import the cache from the dumped file, you can use following command.

# unbound-control dump_cache < /tmp/DNS_cache.txt

Restore DNS Cache

Flushing DNS Records

15. To check whether the specific address was resolved by our forwarders in unbound cache Server, use the below command.

# unbound-control lookup google.com

Check DNS Lookup

16. Some times if our DNS cache server will not reply our query, in mean time we can use to flush the cache to remove information such as A, AAA, NS, SO, CNAME, MX, PTR etc.. records from DNS cache. We can remove all information using flush_zone this will remove all informations.

# unbound-control flush www.digitalocean.com
# unbound-control flush_zone tecmintlocal.com

17. To check which forwards are currently used to resolve.

# unbound-control list_forwards

Check Current DNS Forwards

Step 6: Client Side DNS Configuration

18. Here I’ve used a CentOS 6 server as my client machine, IP for this machine is and I’m going to use my unbound DNS server IP (i.e Primary DNS) in it’s interface configuration.

Log-into the Client machine and set the Primary DNS server IP to our unbound server’s IP.

Run the setup command and choose network configuration from TUI network manager.

Then choose DNS configuration, insert the unbound DNS server’s IP as Primary DNS, but here i have used both in Primary and Secondary because I don’t have any other DNS server.

Primary DNS	:
Secondary DNS	:

Select Network Configuration

Select DNS Configuration

Enter DNS IP Address

Click OK –> Save&Quit –> Quit.

19. After adding Primary and Secondary DNS IP addresses, now it’s time to restart the network using following command.

# /etc/init.d/network restart

Restart Network

20. Now time to access any one of the website from client machine and check for the cache in unbound DNS server.

# elinks aol.com
# dig aol.com

Check Website

Query Website


Earlier we were used to setup DNS cache server using bind package in RHEL and CentOS systems. Now, we have seen how to setup a DNS cache server using unbound package. Hope this will resolve your query request quicker than the bind pacakge.





& 符号 & &amp;
单引号 &apos;
双引号 &quot;
大于 > &gt;
小于 < &lt;



 <?xml version="1.0" encoding="utf-8" ?>
         <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
     <add name="DBconnString" connectionString="Data Source=.;Initial Catalog=MyTest123456;User ID=sa;PassWord=123&456"/>





HTML中<,>,&等有特殊含义(<,>,用于链接签,&用于转义),不能直接使用。这些符号是不显示在我们最终看到的网页里的,那如果我们希望在网页中显示这些符号,就要用到HTML转义字符串(Escape Sequence)了





显示     说明     实体名称     实体编号


         空格     &nbsp;     &#160;

<         小于     &lt;      &#60;

>      大于    &gt;      &#62;

&      &符号    &amp;     &#38;

“      双引号    &quot;     &#34;

©      版权    &copy;    &#169;

®    已注册商标    &reg;    &#174;

™    商标(美国)    ™    &#8482;

×    乘号      &times;    &#215;

÷     除号      &divide;    &#247;




Linux 磁盘IO性能测试工具:FIO



$ yum install fio



# 卸载磁盘
umount /mnt/datadir1
# 格式化磁盘
mkfs.ext4 /dev/sdd
# 挂载磁盘
mount -t ext4 /dev/sdd /mnt/datadir1

# 自动挂载,在里面添加该盘
vim /etc/fstab



$ fio -filename=/dev/sda -direct=1 -iodepth 1 -thread -rw=read -ioengine=psync -bs=16k -size=200G -numjobs=30 -runtime=1000 -group_reporting -name=mytest1

filename=/dev/sdd 测试文件名称,通常选择需要测试的盘的data目录。
direct=1 测试过程绕过机器自带的buffer。使测试结果更真实。
rw=randwrite 测试模式
=read 顺序读
=write 顺序写
=randwrite 随机写
=randread 随机读
=rw,readwrite 顺序混合读写
=randrw 随机混合读写

bs=4k 单次io的块文件大小为4k
bsrange=512-2048 同上,提定数据块的大小范围
size=5G 本次的测试文件大小为5g,以每次4k的io进行测试。
numjobs=30 本次的测试线程为30个
runtime=1000 测试时间为1000秒,如果不写则一直将5g文件分4k每次写完为止
iodepth 队列深度,只有使用libaio时才有意义。这是一个可以影响IOPS的参数。
ioengine=psync io引擎使用psync方式
=libaio Linux专有的异步IO

rwmixwrite=30 在混合读写的模式下,写占30%
group_reporting 关于显示结果的,汇总每个进程的信息。
lockmem=1G 只使用1g内存进行测试。
zero_buffers 用0初始化系统buffer。
nrfiles=8 每个进程生成文件的数量。




  1. 请不要在系统盘上进行 fio 测试,避免损坏系统重要文件
  2. fio测试建议在空闲的、未保存重要数据的硬盘上进行,并在测试完后重新制作文件系统。请不要在业务数据硬盘上测试,避免底层文件系统元数据损坏导致数据损坏
  3. 测试硬盘性能时,推荐直接测试裸盘(如 vdb);测试文件系统性能时,推荐指定具体文件测试(如 /data/file)

4.1 顺序读测试

$ fio -ioengine=libaio -bs=4k -direct=1 -thread -rw=read -filename=/dev/sdd -name=”BS 4KB read test” -iodepth=16 -runtime=601

4.2 顺序写测试

$ fio -ioengine=libaio -bs=4k -direct=1 -thread -rw=write -filename=/dev/sdd -name=”BS 4KB write test” -iodepth=16 -runtime=601

4.3 随机读测试

$ fio -ioengine=libaio -bs=4k -direct=1 -thread -rw=randread -filename=/dev/sdd -name=”BS 4KB randread test” -iodepth=16 -runtime=601

4.4 随机写测试

$ fio -ioengine=libaio -bs=4k -direct=1 -thread -rw=randwrite -filename=/dev/sdd -name=”BS 4KB randwrite test” -iodepth=16 -runtime=601

4.5 随机读写混合测试

$ fio -ioengine=libaio -bs=4k -direct=1 -thread -rw=randrw -rwmixread=70 -filename=/dev/sdd -name=”BS 4KB randrw 70 test” -iodepth=16 -runtime=601



BS 4KB randread test: (g=0): rw=randread, bs=4K-4K/4K-4K/4K-4K, ioengine=libaio, iodepth=1
Starting 1 thread

BS 4KB randread test: (groupid=0, jobs=1): err= 0: pid=26408: Mon Feb 27 16:43:07 2017
read : io=19908KB, bw=339689B/s, iops=82, runt= 60013msec
# fio做了19908KB的IO,bandwidth速率为339689B/s,总IOPS为82,运行时间为60013毫秒

slat (usec): min=18, max=97, avg=23.60, stdev= 2.79
# slat (submission latency):代表 盘需要多久将IO提交到kernel做处理
# usec 微秒

clat (msec): min=1, max=23, avg=12.03, stdev= 3.79
# clat (completion latency):命令提交到kernel到IO做完之间的时间,不包括submission latency

 lat (msec): min=1, max=23, avg=12.05, stdev= 3.79
# 从IO结构体创建时刻开始,直到紧接着clat完成的时间

clat percentiles (usec):
 |  1.00th=[ 4080],  5.00th=[ 5984], 10.00th=[ 7136], 20.00th=[ 8640],
 | 30.00th=[ 9920], 40.00th=[10944], 50.00th=[11840], 60.00th=[12992],
 | 70.00th=[14016], 80.00th=[15296], 90.00th=[17024], 95.00th=[18560],
 | 99.00th=[20864], 99.50th=[21632], 99.90th=[22400], 99.95th=[22912],
 | 99.99th=[23168]
# Completion latency百分数

bw (KB  /s): min=  276, max=  373, per=100.00%, avg=331.54, stdev=18.83
# 带宽(bandwidth)

lat (msec) : 2=0.02%, 4=0.82%, 10=30.32%, 20=66.75%, 50=2.09%
# 30.32%的request延迟在4~10毫秒,66.75%的request延迟在10~20毫秒,以此类推

cpu : usr=0.10%, sys=0.25%, ctx=5057, majf=0, minf=8
# 用户/系统CPU占用率,进程上下文切换(context switch)次数,主要和次要(major and minor)页面错误数量(page faults)。由于测试是配置成使用直接IO,page faults数量应该极少。

IO depths : 1=100.0%, 2=0.0%, 4=0.0%, 8=0.0%, 16=0.0%, 32=0.0%, >=64=0.0%
# iodepth设置,用来控制同一时刻发送给OS多少个IO。这完全是纯应用层面的行为,和盘的IO queue不是一回事

 submit    : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.0%, 64=0.0%, >=64=0.0%
 complete  : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.0%, 64=0.0%, >=64=0.0%

 issued    : total=r=4977/w=0/d=0, short=r=0/w=0/d=0
 # 发送的IO数量

 latency   : target=0, window=0, percentile=100.00%, depth=1
 # Fio可以配置一个延迟目标值,这个值可以调节吞吐量直到达到预设的延迟目标

Run status group 0 (all jobs):


READ: io=19908KB, aggrb=331KB/s, minb=331KB/s, maxb=331KB/s, mint=60013msec, maxt=60013msec
# 汇总输出吞吐量和时间。
# io=表示总共完成的IO数量。在基于时间的测试中这是一个变量,在基于容量的测试中,这个值能匹配size参数。
# aggrb是所有进程/设备的汇总带宽。
# minb/maxb表示测量到的最小/最大带宽。
# mint/maxt表示测试的最短和最长耗时。和io=参数类似,时间值对于基于时间的测试应该能匹配runtime参数,对于基于容量的测试是一个变量。

Disk stats (read/write):
sdd: ios=4969/0, merge=0/0, ticks=59703/0, in_queue=59702, util=99.51%





Pyinotify是一个Python模块,用来监测文件系统的变化。 Pyinotify依赖于Linux内核的功能—inotify(内核2.6.13合并)。 inotify的是一个事件驱动的通知器,其通知接口通过三个系统调用从内核空间到用户空间。pyinotify结合这些系统调用,并提供一个顶级的抽象和一个通用的方式来处理这些功能。

  • pyinotify 说百了就是通过 调用系统的inotify来实现通知的
  • inotify 既可以监视文件,也可以监视目录
  • Inotify 使用系统调用而非 SIGIO 来通知文件系统事件。

Inotify 可以监视的文件系统事件包括:

Event NameIs an EventDescription
IN_ACCESSYesfile was accessed.
IN_ATTRIBYesmetadata changed.
IN_CLOSE_NOWRITEYesunwrittable file was closed.
IN_CLOSE_WRITEYeswrittable file was closed.
IN_CREATEYesfile/dir was created in watched directory.
IN_DELETEYesfile/dir was deleted in watched directory.
IN_DONT_FOLLOWNodon’t follow a symlink (lk 2.6.15).
IN_IGNOREDYesraised on watched item removing. Probably useless for you, prefer instead IN_DELETE*.
IN_ISDIRNoevent occurred against directory. It is always piggybacked to an event. The Event structure automatically provide this information (via .is_dir)
IN_MASK_ADDNoto update a mask without overwriting the previous value (lk 2.6.14). Useful when updating a watch.
IN_MODIFYYesfile was modified.
IN_MOVED_FROMYesfile/dir in a watched dir was moved from X. Can trace the full move of an item when IN_MOVED_TO is available too, in this case if the moved item is itself watched, its path will be updated (see IN_MOVE_SELF).
IN_MOVED_TOYesfile/dir was moved to Y in a watched dir (see IN_MOVE_FROM).
IN_ONLYDIRNoonly watch the path if it is a directory (lk 2.6.15). Usable when calling .add_watch.
IN_OPENYesfile was opened.
IN_Q_OVERFLOWYesevent queued overflowed. This event doesn’t belongs to any particular watch.
IN_UNMOUNTYes宿主文件系统被 umount


# coding:utf-8
import os
from pyinotify import WatchManager, Notifier,ProcessEvent,IN_DELETE, IN_CREATE,IN_MODIFY
class EventHandler(ProcessEvent):
 def process_IN_CREATE(self, event):
  print  "Create file: %s " %  os.path.join(event.path,event.name)
 def process_IN_DELETE(self, event):
  print  "Delete file: %s " %  os.path.join(event.path,event.name)
 def process_IN_MODIFY(self, event):
   print  "Modify file: %s " %  os.path.join(event.path,event.name)
def FSMonitor(path='.'):
  wm = WatchManager() 
  notifier = Notifier(wm, EventHandler())
  wm.add_watch(path, mask,auto_add=True,rec=True)
  print 'now starting monitor %s'%(path)
  while True:
     if notifier.check_events():
   except KeyboardInterrupt:
if __name__ == "__main__":

How to Install Windows on RAID 5 with Drives Larger than 2TB

Setting Up the PERC with the DISKPART Tool for Windows Install

This type of RAID array requires a partition using a GUID (Globally Unique Identifier) Partition Table (GPT) to work properly for Windows in UEFI BIOS mode. Windows Setup, however, does not support making a GPT partition in the standard setup dialogue. Diskpart from the Command Prompt must be used to create a GPT partition to allow setup to see the RAID partition and continue setup.

Figure 1

  1. Start the install, and load the PERC H310 drivers via the OS “Load Diver” function. After the driver is loaded the RAID volume will appear in the install to device list (Figure 1).
  2. Press Shift+F10 to bring up a Command Prompt window.
  3. Type DISKPART and press Enter to enter the DISKPART tool. Enter the commands in the following steps as shown in bold and press enter.
  4. DETAIL DISK – This shows a list of volumes seen by the system. Make note of the Volume number for the RAID array.
  5. SELECT DISK=X – X will be the Volume number of the RAID shown in the detail disk report.
  6. CLEAN – Clears the partition information.
  7. CONVERT GPT – Sets the partition to GPT.
  8. EXIT – Exits DISKPART.
  9. Exit the Command Prompt window.
  10. The full RAID volume should show in the device list.
  11. Complete the remainder of the installation process normally. The RAID volume should show as “Windows Boot Manager” in UEFI.

If this was completed correctly, the system should boot normally in UEFI BIOS mode, and allow Windows to install.

Configure IIS to listen on specific IPs

By default IIS will listen for connections on port 80 for any IP bound to the server. This happens even if there are no host headers or bindings set for a specific IP. This can be a problem when trying to run multiple web servers on port 80.

To set IIS to listen on specific IPs follow the instructions below.

Windows Server 2003/IIS 6:

1. This requires the Server 2003 support tools. If this is not already installed it can be downloaded here.

2. Once installed open a command prompt and navigate to the support tools installation folder (default is C:\Program Files\Support Tools).
cd C:\Program Files\Support Tools

3. Stop http.
net stop http /y

4. Use this command to display the current list of IPs:
httpcfg query iplisten

5. By default it will listen on all IPs ( so we can remove this.
httpcfg delete iplisten -i

6. Specify the IP(s) that IIS should listen on. Make sure to update to the desired IP and run the command for each IP IIS should listen on.
httpcfg set iplisten -i

7. Start http and test out your sites.
net start http

Windows Server 2008/IIS 7:

1. Open a command prompt and type “netsh”.

2. Type “http”.

3. Enter the following command to display the current list of IPs to listen on. Note if no IPs are displayed like in the below image, IIS will listen on all IPs (default).
show iplisten

4. Use the command below to set IIS to listen on a specific IP. Make sure to replace with the correct IP and run the command again for any additional addresses.
add iplisten ipaddress=

5. In case you need to delete an IP from this list, use the following command.
delete iplisten ipaddress=

6. Restart IIS to apply these changes.

IIS listening instead

I use command:

netsh http show iplisten

and saw in listening list. (But I didn’t add it manually). So I delete it and add instead.

netsh http delete iplisten ipaddress=

netsh http add iplisten ipaddress=

Then I restarted iis server.